I would like to have the ability to see the following in the Device Manager:
List of allowed devices not currently connected to the network
List of blocked devices not currently connected to the network
And in those lists, I would like to be able to restore access to a given device even if it isn't currently connected to the network.
I would also like to be able to deny a particular device access to the network even if it has the password. Currently the only capability the router has is to block access to the Internet. I don't want to use a client separator or whatever. I want to block a device off the network completely even if they have the password.
I would like to have the ability to see the following in the Device Manager:
List of allowed devices not currently connected to the network
List of blocked devices not currently connected to the network
And in those lists, I would like to be able to restore access to a given device even if it isn't currently connected to the network.
Fully agree - the Nighthawk App must give (almost) all management access options available in Advanced -> Security -> Access Control, but especially these two lists are missing.
I would also like to be able to deny a particular device access to the network even if it has the password. Currently the only capability the router has is to block access to the Internet. I don't want to use a client separator or whatever. I want to block a device off the network completely even if they have the password.
At this point I'm more than confused - more something like up set - well, I always was when it comes to Netgear's consumer stuff.
@IrvSp you have a R8000 or R8000P when the grey cells haven't failed - please check if everything from here is right!
I'm almost convinced that the Nighthawk App - Devices [Pause/Resume] does
Turn on Access Control with Allow all devices to connect (if it wasn't not enabled before, and/or configured different), and
Trigger the [Allow] resp. [Block] for that device in the Access Control
Confusion why? On one hand, my R9000 does show in the Access Control Help - and I'm almost convinced this is the same text used on all newer Nighthawk routers (but I hope to be wrong).
===
Access Control Help
You can use Access Control to allow or block computer or electronic devices from accessing your network. When a device is blocked, it would only be able to get an IP address from your router, but it won't be able to communicate with other devices, nor it would be able to connect to the Internet. ===
=== Note: Blocking devices with access control only blocks them from accessing the Internet. Devices can still access your router’s local network and communicate with your connected devices.
Somehow left and right hand don't know what they do. Can't get rid of the impression that what appears to be the "same" feature is implemented very different on the routers. @Christian_R can you shed some light into this mess please?
Currently if I "Pause" a device in the Nighthawk app that device still has access to the internal network, i.e. all of the computers on the network. I tested this yesterday when I disabled my son's access but he needed to copy some documents off my server. He still had access to the server on the internal network and was able to copy those docs.
Well, I guess it could be open to second guessing from the help. It talks about the ACCESS CONTOL page then the ALLOW and BLOCK button:
==========
Access Rule radio buttons. Select the radio button for the Access Rule that you want for new devices attempting to connect to your network. The Access Rule does not affect previously blocked or allowed devices. It applies only to future devices joining your network after you apply these settings.
By default, “Allow all new devices to connect” is selected, so if you or your family buy a new device, it will be able to access your network without configuring its MAC address in this page.
NETGEAR recommends that you keep this option selected. If you change this to “Block all new devices from connecting”, then your new device won't be able to access your network until you specifically add its MAC address into the allowed list. For example, if a new computer has both wireless and Ethernet network connections, each connection has its own MAC address, you'll need to add specifically both MAC addresses to the allowed list.
Allow and Block buttons. To allow or block access for a specific device, select its check box and then click the Allow or Block button to change its status.
================
If I read 'between the lines' it IS possible that the router must be re-boot? Also, not sure if a device/PC has made the drive/folder on the LAN a shared Network drive that reconnects on boot?
As I read it, once set, the device should have NO access, but again, it might take a reboot of either the router or the device to have it be in effect?
I would also like to be able to deny a particular device access to the network even if it has the password. Currently the only capability the router has is to block access to the Internet. I don't want to use a client separator or whatever. I want to block a device off the network completely even if they have the password.
At this point I'm more than confused - more something like up set - well, I always was when it comes to Netgear's consumer stuff.
@IrvSp you have a R8000 or R8000P when the grey cells haven't failed - please check if everything from here is right!
OK, here is what I did... see the screen capture on left.
I BLOCKED my phone from connecting. The PHONE IS blocked. The Wireless icon is still there, but there is a 'small' ! to the right. Phone IP Address is 165.0.0.2? Tried to use the web, it says it is BLOCKED BY THE ROUTER ACCESS CONTROL..
On my R8000!!!
When I then ALLOWED it, phone wireless access returned.
@IrvSpthank you for joining! As a second test, may I kindly ask you to "Pause" any device from the Nighthawk App - and then check of this does lead to the same result as using [Block] in the Web UI Access control - or if it does _only_ stop the Internet access, but continues to allow the access to the same [W]LAN - as documented (and applicable for the R8000!) -> https://kb.netgear.com/24830/How-do-I-use-access-control-to-allow-or-block-devices-from-accessing-th... ?
To compare, the R9000 here does block both - so using the Access Control - Block/Allow does exactly reflect the Allow/Pause from the App.
The small (!) does indicate the device (phone) isn't able to reach the Internet - that's OK and expected.
@IrvSpthank you for joining! As a second test, may I kindly ask you to "Pause" any device from the Nighthawk App - and then check of this does lead to the same result as using [Block] in the Web UI Access control - or if it does _only_ stop the Internet access, but continues to allow the access to the same [W]LAN - as documented (and applicable for the R8000!) -> https://kb.netgear.com/24830/How-do-I-use-access-control-to-allow-or-block-devices-from-accessing-th... ?
To compare, the R9000 here does block both - so using the Access Control - Block/Allow does exactly reflect the Allow/Pause from the App.
The small (!) does indicate the device (phone) isn't able to reach the Internet - that's OK and expected.
Kurt, that small ! does mean I don't have any connection. Somehow the phone's IP Address changed to a real odd one like I said, but since it seemed to think I had a wireless connection, which I did not, it never reverted to the cell service...
So to do what the 2nd test was I opened my iPad's NightHawk app and paused the same phone. This time 'slightly' different results...
First, the Nighthawk app Device screen significantly changed? We've got 2 Android phones, both are set to show a phone icon AND individual device names. Now I paused my phone. Screen circles and rebuilds, comes back with MY phone in the pause position, BUT, and this is the odd part, my phone name changed to Android and a bunch of alpha-numerics, AND so did my wife's Android? Odd that BOTH would change? Oh well. I checked the phone, and unlike the time blocking it for the Browser Genie, it did NOT change the IP Address of 192.168.1.4? Oh? Interesting, but I could not use the Chrome browser as it never connected to anything, nor show me the blocked message? However, when I tried to open NIGHTHAWK app it couldn't? Said I could not connect to the SSID (5-2 Ghz) it was on? Could it be because the iPad was connected I though? So I turned back on the Android Phone. NightHawk on the iPad refreshed and both Android Phone names came back (why would pausing one Android phone change the name of both?). OK, phone now works browsing and still has the same IP Address. Great. With the Nighthawk app still on on the iPad, I opened it on the Android phone. It opened, logged in to the R8000 and works?
My conclusion? I don't care what the documentation says (when should one ever trust NG help or documentation that probably never changes with firmware updates or new/changed mobile apps), as far as I can tell, BLOCK and PAUSE do the same FUNCTION, STOPS ALL ACCESS TO THE LAN...
So I wanted to VERIFY this more, I used the iPad to PAUSE (via iPad's NightHawk) my PC, the very one I'm writing this on. First thing I did was open a CMD prompt and did a NET VIEW:
C:\>net view System error 6118 has occurred.
The list of servers for this workgroup is not currently available
Sort of verifies I am NOT on the LAN... and then I noticed on the Browser where I'm writing this a RED bar telling me the AUTOSAVE failed?
Also as I type this the AUTOSAVE is working again.
Soooo.... I think I can safely say BOTH BLOCK and PAUSE do the same function, disconnect the device from the LAN.
I would think though if other routers have a different operational mode, like you can only block Internet access, that might not be true, but it is sure more work for the CPU/router to keep track of who has Internet access and who doesn't? On the other hand, the OP claims they didn't have the same results I did? OP claims to have an R8000 like I do too? I am on V1.0.4.28_10.1.54, could OP be on a different F/W?
In any case, it seems NG documentation if FUBAR'ed?
I BLOCKED my phone from connecting. The PHONE IS blocked. The Wireless icon is still there, but there is a 'small' ! to the right. Phone IP Address is 165.0.0.2? Tried to use the web, it says it is BLOCKED BY THE ROUTER ACCESS CONTROL..
On my R8000!!!
When I then ALLOWED it, phone wireless access returned.
My guess is that the phone will default to cellular when it cannot access the Internet. Can you confirm that setting is disabled?
What I can tell you all, confirmed just now, is that hitting 'pause' on the app for my desktop cause the "This Device Is Blocked..." from the R8000. But a simple click brought up the shared directories on my Windows Server. I don't have Wireless Client Separation enabled (I seem to remember that setting on a router, but at the moment I can't put my hands on that setting), not that it would matter as both my desktop and the server are on a wired connection.
So, don't know what to tell you. Pause doesn't block someone from the local network. Not on my LAN anyway.
What I can tell you all, confirmed just now, is that hitting 'pause' on the app for my desktop cause the "This Device Is Blocked..." from the R8000. But a simple click brought up the shared directories on my Windows Server.
I suspect the Pause / Device block does deny _new_ sessions on some implementations?
For https Web pages, you get the "This device is Blocked..." message, too?
I don't have Wireless Client Separation enabled (I seem to remember that setting on a router, but at the moment I can't put my hands on that setting), not that it would matter as both my desktop and the server are on a wired connection.
No such control for the "primary" wireless, available only on the Guest networks for the Nighthawk Routers.
So, don't know what to tell you. Pause doesn't block someone from the local network. Not on my LAN anyway.
I remember, you had some questions about reading between the lines. It looks to me like established sessions (at least to the LAN) might remain available - so when you worked with your desktop before, the sessions are established, the Windows server name might be cached anyway, so that's why you can continue accessing the Windows Server even after Pause is selected.
When doing the similar test here on the R9000 on the primary WLAN - which does clearly state it does block any network connection - even established sessions to the NAS are stopped, no ping to any, ... as expected.
Now the curiosity came up and we connected a (Windows 10) test system direct to a router LAN port. And it behaved the same like the wireless above.
Needless to say, when using a port on the attached switch (an S8000/GS808E) here, the LAN connectivity to the switch ports can't be prohibited, except of the data flowing to the router switch port of course ... which behaves blocking as expected again.
At this point the bigger problem - even after resuming (allow network access again) the DNS caching does still bring us to the "This device is blocked" (for http, port 80) resp, a "dead end" (for https, port 443). So either flushing DNS cache or reboot is the way to re-establish connectivity and full usability.
I BLOCKED my phone from connecting. The PHONE IS blocked. The Wireless icon is still there, but there is a 'small' ! to the right. Phone IP Address is 165.0.0.2? Tried to use the web, it says it is BLOCKED BY THE ROUTER ACCESS CONTROL..
On my R8000!!!
When I then ALLOWED it, phone wireless access returned.
My guess is that the phone will default to cellular when it cannot access the Internet. Can you confirm that setting is disabled?
I think the Phone still thought it was connected to the router, it never itself disconnected. The SSID is still SEEN, but it can't connect. It is set to connect to it when it sees the SSID. The fact that it can't connect may have it continually retrying, so it WILL not switch to cell service.
Same goes for my iPad and PC. That is also why once the block/pause is removed the connection is automatically restored.
Maybe different phones operate differently?
All I know is that not what devices, phone, iPad, or PC, is denied access, it has NONE. No app, program, nor Windows command, can assess ANY LAN resources.
